"Institutional policy and federal regulations require review and approval by the PCOM IRB of ALL research activities conducted at PCOM or other institutions by PCOM faculty, students, and staff involving human subjects PRIOR to their involvement. This applies to all faculty and staff research, as well as all student-originated research, including research to satisfy the requirements of master's and doctoral degrees. Institutional policy also requires PCOM IRB review and approval of proposed research by those outside of PCOM who wish to recruit participants at PCOM for research conducted elsewhere. Complete PCOM IRB Rules and Regulations are housed in BlackBoard and accessible by PCOM faculty."
If your answer is yes to any of the following three screening questions, then your REDCap project requires IRB approval.
Will the results be shared in a format that will allow others to apply your findings to their setting?
PCOM - Division of Research. (2018). Philadelphia college of osteopathic medicine institutional review board policies and procedures. Philadelphia, PA: PCOM. Retrieved from https://pcom6.blackboard.com/
To be compliant with HIPAA, the following protected health information must be removed:
For further information on de-identification of protected health information by expert determination see 45 CFR § 164.514(b)(1).
Source: "De-identification of Protected Health Information" HIPAA Journal. 2018. https://www.hipaajournal.com/de-identification-protected-health-information/
The PCOM REDCap system is maintained in a HIPAA-compliant environment. If you are subject to 21 CFR Part 11, you may want to double-check with your sponsor or other oversight to confirm if Part 11 compliance is applicable to the potential REDCap component of your work. In many cases, FDA-type projects need 21 CFR Part 11 compliance only when the electronic data capture system is considered the SOURCE document. This is frequently not the case because the data originally exists elsewhere - paper or electronic medical record. So you may find that a HIPAA-compliant environment is sufficient.
PCOM's IRB materials reside in BlackBoard in a folder called "Research Compliance - IRB/IACUC". Please coordinate closely with your IRB team to learn about what they require for your specific protocol.
We recommend exploring all the options in both REDCap and with your study oversight to determine which REDCap features are most applicable to your work. Your oversight/governing bodies certainly have the final say in what they consider ‘valid’ – e.g. yes/no fields, typed vs. signed names. You can use REDCap’s features to build your e-consent form however you (and they) wish.
REDCap does have a field type that allows people to write their signature with a mouse, stylus, or finger (depending on what type of device they use to access REDCap). When in the Online Designer, if you add a new field, you’ll be prompted to choose a field type. The ‘Signature’ field type is just over half-way down the list.
The 'signature' field type is sometimes considered comparable to a ‘wet signature’ by some IRBs. Depending on what regulations folks are subject to, sometimes text box fields can also be used for signatures. For example, some protocols consider typing in the name (using a regular text box) as legally-binding. You must contact your IRB to learn about what they require for your specific protocol.